Travis Burtrum 916c97d66b Add jdk 10 and 11 to .travis.yml 10 months ago

jDnsProxy

Simple, fast, and lightweight DNS proxy and cache that listens on TCP or UDP ports and relays requests to various upstream DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS servers, optionally over HTTP or SOCKS proxies (like Tor), and optionally pinning public keys for complete TLS security. It implements a simple response cache that respects TTLs and also implements proper Serve-Stale functionality.

This should support any current and future DNS record generically, as well as providing full DNSSEC support if upstream resolvers do.

Sample/default configuration is in jdnsproxy.properties and should be documented clearly there.

Build/run like so:

mvn clean package
java -jar target/jDnsProxy.jar ./jdnsproxy.properties

Implemented specs:

Use these for quick testing:

dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +tcp
dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +tcp +dnssec

dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0
dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +dnssec

And use this to extract TLS public keys in pinning format:

openssl s_client -connect 'dns.google.com:443' 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey | openssl asn1parse -noout -inform pem -out /dev/stdout | openssl dgst -sha256 -binary | openssl base64

License

MIT License, refer to LICENSE.txt